From: Matthew M. <ma...@tu...> - 2005-02-25 15:18:44

Thanks Wendall.

Steven and I tested it this morning and had the same results. Unless php is set as an image type, it won't go.

However, I don't want to be too cocky. I received an email from someone who claimed they had some sites hacked. If anyone is able to reproduce this exploit, please email us.

Thanks,
Matt and Steven

On Thu, 2005-02-24 at 16:26 -0800, Wendall Cada wrote:
> Hey all. There was a security announcement on BUGTRAQ
> http://www.securityfocus.com/archive/1/391496/2005-02-21/2005-02-27/0
>
> I tested and it is invalid. It can be exploited if you change the
> settings to allow for uploading of php files, which the submitter failed
> to mention. He also failed to mention OS/Server/PHP version as well.
> Maybe this does work on Personal Web Server for Windows 95, dunno. This
> should at least be a good example of why phpWebSite will never be
> permitted to insert code for any reason or in any form through the
> interface.
>
> Not sure how you want to respond to this Matt, but since it's already
> all over the internet, I'll just post it here and leave it up to you.
>
> Wendall

--
Matthew McNaney
Electronic Student Services
Appalachian State University
http://phpwebsite.appstate.edu